Security

Totalcloud not only takes several measures to improve your cloud security, but also implements best practices to ensure your data security.

Data & Network Security

Totalcloud does not store any information except for the cost billing reports. The billing reports will also be deleted as soon as the account is deleted. In case your subscription is over, we retain temporarily for 15 days. All the metadata information is fetched & processed in real-time without storing. All sensitive information is transmitted over encrypted channels(TLS/SSL) and HTTPS . Our servers are hosted in AWS' Virtual Private Cloud with strong access controls for network and application level security.

Data Purge Policy

All user data are permanently deleted when you delete your TotalCloud account.

AWS Access Methodology:

We support only Cross-Account Access method, the industry standard & most secure methodology to provide access to 3rd party vendors, to connect to your AWS account.

IAM Permission policy

  • ReadOnlyAccess: Monitoring, Cost analysis, Insights and Compliance feature would require this access permission to retrieve information.
  • CustomAccess(Optional): User can provide custom write permissions to specific resource and operations based on user's requirement. We provide full flexibility in configuring your permissions for operations and Automation. This is optional.

All credentials and passwords are uniquely salted and strongly hashed, and they cannot be retrieved by anyone, including TotalCloud staff.

Wherever required credentials (like secret keys) are one way functions and can only be overridden by the user and not retrieved.

For more information and suggestions, please contact us at support@totalcloud.io